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DETAILED ACTION 

1. Claims 1-29 are pending in this office action, claim 29 is newly added. 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth-in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
February 28, 2006, has been entered. 

.3. Applicant's arguments with respect to claims 1-29 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 103 

5. Claims 1, 3-5, 7, 13, 14, 17, 22, 25, and 29 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Allen et al. (U.S. Patent Pub. No. 2002/0068629 A1 ) in view 
of Wong et al. (U.S. Patent No^ 6,968,364). 
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Regarding claims 1 and 29 . Allen et al. teaches a method of conducting a secure 
transaction with an on-line service while offline comprising the steps of: 

• Issuing a token to a user from an application server for the on-line service while 
the user is online with the online service (fig. 3 and fig. 4, ref. num 424/426); 

• Preparing an off-line transaction object containing data to specify and request the 
secure transaction (all of fig. 5); 

• Sending a message to the on-line service, said message containing the off-line 
transaction object (fig. 3 and fig. 6, ref. num 610); 

• Upon receipt of said message, the application server validating the token to 
authenticate the user and to authorize the secure transaction (fig. 6, ref. num 
612); and 

• Executing the off-line transaction object if the secure transaction is authorized 
(fig. 6, ref. num 614/618). 

Allen et al. does not teach obtaining a transaction authorization token from an 
application server while on-line, sending a message including the transaction 
authorization token, or validating the transaction authorization token at the on-line 
service provider, wherein the application server performs said validating while the 
user is offline from the online service 

Wong et al. teaches obtaining a transaction authorization token from an 
application server while on-line (col. 3, lines 55-58, downloading the token from the 
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server), sending a message including the transaction authorization token (fig. 5, the 
attachments), and validating the transaction authorization token at the on-line service 
provider (col. 20, lines 7-14), wherein the application server performs said 
validating while the user is offline from the online service (col. 20, lines 10-14, e- 
mails are send asynchronously and do not require the sender to be online for the 
receiver to receive and verify). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine obtaining a transaction authorization token, sending 
the transaction authorization token in a message, and validating the transaction 
authorization token while the user is off-line, as taught by Wong et aL with the method 
of Allen et al. It would have been obvious for such modifications because a transaction 
authorization token allows automatic configuration of the PVR, or any other device, in 
response to receiving a message containing the transaction authorization token (see 
col. 20, lines 7-14 of Wong et al.). 

Regarding claim 3 . the combination of Allen et al. in view of Wong et al. teaches 
wherein the authorization token is issued to the user via a download operation while 
the user is on-line with the on-line service (see fig. 4, ref. num 426 of Allen et al.). 
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Regarding claim 4 , the combination of Allen et al. in view of Wong et al. teaches 
wherein the user prepares the off-line transaction object while the user is off-line from 
the on-line service (see paragraph 0043 of Allen et al.). , 

Regarding claim 5 , the combination of Allen et al. in view of Wong et al. teaches 
further comprising requesting a transaction authorization token, wherein the user 
requests the transaction authorization token for the secure transaction from the 
application server for the on-line service (see fig. 4, ref. num 424/426 and paragraph 
0040 of Allen et al.). 

Regarding claim 7 , the combination of Allen et al. in view of Wong et al. teaches 
wherein said issuing a transaction authorization token comprises generating a 
unique identifier when the token is issued, wherein said generating is performed by 
the on-line service (see fig. 3, ref. num 320 of Allen et al.). 

Regarding claim 13 , the combination of Allen et al. in view of Wong et al. teaches 
wherein the transaction authorization token includes data representing a time period 
during which the transaction authorization token is valid (see end of paragraph 0052 
of Allen et al.). 



Regarding claim 14 , the combination of Allen et al. in view of Wong et al. teaches 
wherein the transaction authorization token includes data representing a valid access 
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duration for the transaction authorization token (see end of paragraph 0052 of Allen 
etal.). 

Regarding claim 17 , the combination of Allen et al. in view of Wong et al. teaches 
further comprising encrypting the off-line transaction object (see paragraph 0040 of 
Allen etal.). ' 

Regarding claim 22 , the combination of Allen et al. in view of Wong et al. teaches 
wherein the application server is a web-based application server (see paragraph 0019 
of Allen et al.). 

Regarding claim 25 . the combination of Allen et al. in view of Wong et al. teaches 
further comprising authenticating a user such that the user is online with the on-line 
service, wherein said authenticating is performed with a password and a network 
identity while the user is logging-on to the on-line service (see paragraph 0035 of Allen 
et al.). 

Claims 2. 6. 9-12. 15. 16. 19-21. 23. 24. and 26-28 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Allen et al. (USPGPUB '629) in view of Wono et al. 
(USPN '364), and further in view of Fischer (U.S. Patent Publication No. 2002/0010638 
A1). 
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Regarding claim 2 , Allen et al./Wong et al. teaches all the limitations of claim 1 , 
above. However, Allen et al./Wong et al. does not teach wherein the token is issued to 
the user via an e-mail message sent from the application server for the on-line 
service. 

Fischer teaches wherein the token is issued to the user via an e-mail message 
sent from the application server for the on-line service (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine issuing the token via an e-mail message sent from the 
application server, as taught by Fischer with the method of Allen et al./Wong et al. It 
would have been obvious for such modifications because sending tokens via e-mail 
provides a user the credentials required for secure processing that can be saved and 
used at a later time. This is similar to a user signing up for a service(hotmail.com for 
example) and receiving an e-mail message with the login credentials in the e-mail 
message. 

Regarding claim 9 , the combination of Allen et al. in view of Wong et al./Fischer 
teaches wherein the application server receives an incoming message including the 
transaction authorization token, checks the transaction authorization token for 
validity, and accepts or rejects the transaction authorization token (see fig. 6, ref. num 
614 of Allen etal.). 
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Regarding claim 10 , the combination of Allen et al. in view of Wong et al. /Fischer 
teaches wherein said sending a message to the on-line service containing the 
transaction authorization token and off-line transaction object comprises sending 

an e-mail message delivered to the application server via an asynchronous e-mail 
delivery method (see paragraph 0005 of Fischer). 

Regarding claim 1 1 , the combination of Allen et al. in view of Wong et al. /Fischer 
teaches where the asynchronous delivery mechanism is database record 
synchronization (see paragraph 0034 of Fischer). 

Regarding claim 12 , the combination of Allen et al. in view of Wong et al./Fischer 
teaches where the asynchronous e-mail delivery method comprises a synchronization 
of data between a portable computing device and an on-line service (see paragraph 
0022 of Fischer). 

Regarding claim 21 , the combination of Allen et al. in view of Wong et al./Fischer 
teaches wherein the application server authorizes a specific transaction by a specific 
user on specific data objects such that the transaction authorization token can be 
used only once (see fig. 3, ref. num 318/320 and paragraph 0048 of Allen et al.). 

Regarding claim 6 , Allen et al./Wong et al. teaches all the limitations of claims 1 
and 5, above. However, Allen et al./Wong et al. does not teach wherein the on-line 
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service comprises the application server, and wherein the application server 
accesses a database. 4 

Fischer teaches wherein the on-line service comprises the application server, 
and wherein the application server accesses a database (paragraph 0034). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine accessing a database, as taught by Fischer ; with the 
method of Allen et al./Wong et al. It would have been obvious for such modifications 
because the database contains products to be ordered, by accessing the database, 
correct quantities can be obtained. 

Regarding claim 15 , Allen et al./Wong et al. teaches all the limitations of claim 1 , 
above. However, Allen et al./Wong et al. does not teach wherein the transaction 
authorization token specifies an e-mail audit signature, and said transaction 
authorization token is valid only if the transaction is sent from an e-mail program via an 
e-mail delivery path that matches the e-mail audit signature. 

Fischer teaches wherein the transaction authorization token specifies an e- 
mail audit signature, and said transaction authorization token is valid only if the 
transaction is sent from an e-mail program via an e-mail delivery path that matches the 
e-mail audit signature (paragraph 0025). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine an e-mail audit signature for verifying the token, as 
taught by Fischer , with the method of Allen et al./Wong et al. It would have been 
obvious for such modifications because the audit signature prevents intruders from 
using a different e-mail address to trick the system into thinking the intruder is 
authorized. 

Regarding claim 16 , the combination of Allen et al. in view of Wong et al./Fischer 
teaches wherein an e-mail address to which the message is sent varies according to an 
authorized data object and transaction type (see paragraph 0025 of Fischer). 

Regarding claim 19 , Allen et al./Wong et al. teaches all the limitations of claim 1 , 
above. However, Allen et al./Wong et al. does not teach wherein the transaction 
authorization token is contained in a body or a header of an e-mail message. 

Fischer teaches wherein the transaction authorization token is contained in a 
body or a header of an e-mail message (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the token contained in a body or header of an e-mail 
message, as taught by Fischer , with the method of Allen et al./Wong et al. It would 
have been obvious for such modifications because containing the token in the body of 
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an e-mail message provides further authentication and authorization (see paragraph 
0025 of Fischer). 

Regarding claim 20 , Allen et al./Wonq et al. teaches all the limitations of claim 1, 
above. However, Allen et al./Wong et al. does not teach wherein the transaction 
authorization token and the.off-line transaction object are attachments to an e-mail 
message. 

Fischer teaches wherein the transaction authorization token and the off-line 

transaction object are attachments to an e-mail message (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the, 
invention was made, to combine the token and transaction object are attachments to an 
' e-mail message, as taught by Fischer with the method of Allen et al./Wong et al. It 
would have been obvious for such modifications because containing the token as an 
attachment of an e-mail message provides further authentication and authorization (see 
paragraph 0025 of Fischer). 

Regarding claim 23 , Allen et al./Wong et al. teaches all the limitations of claim 1 , 
above. However, Allen et al./Wong et al. does not teach wherein said secure 
transaction is selected from the group consisting of a database modification, update, 
adding a file, and editing a file. 
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Fischer teaches wherein said secure transaction is selected from the group 
consisting of a database modification, update, adding a file, and editing a file (paragraph 
0022). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine transactions consisting of modifications, updating, 
adding a file, and editing a file, as taught by Fischer with the method of Allen et 
al./Wong et al. It would have been obvious for such modifications because editing a file 
allows the user to obtain the exact purchase order desired by the user. 

Regarding claim 24 , the combination of Allen et al. in view of Wong et al./Fischer 
teaches the group consisting of a database modification, update, adding a file, 
editing a file, checking out a file, editing the file off-line, and checking in the file as an 
e-mail attachment (see fig. 4, ref. num 64/66/68 of Fischer). 

Regarding claim 26 , Allen et al./Wong et al. teaches all the limitations of claim 1 , 
above. However, Allen et al./Wong et al. does not teach wherein the user comprises a 
software agent adapted to conduct the transaction on behalf of the user. 



Fischer teaches wherein the user comprises a software agent adapted to 
conduct the transaction on behalf of the user (paragraph 0020). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a software agent that conducts transactions on behalf 
of the user, as taught by Fischer with the method of Allen et al./Wong et al. It would 
have been obvious for such modifications because a software agent provides an 
automated process for the. user to order products from a vendor. 

Regarding claim 27 , Allen et al./Wong et al. teaches all the limitations of claim 1 , 
above. However, Allen et al./Wong et al. does not teach wherein the user sends the 
message to the on-line service while the user is offline from the online service. 

Fischer teaches wherein the user sends the message to the on-line service, while 
the user is offline from the online service (paragraph 0019). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine sending the message to the service while the user is 
offline from the online service, as taught by Fischer , with the method of Allen et 
al./Wong et al. It would have been obvious for such modifications because the user can 
provide the message ahead of time without having to log in to the service (see 
paragraph 0019 of Fischer). This saves time for the user by having the message 
already provided to the on-line service. 
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Regarding claim 28 , the combination of Allen et al. in view of Wong et al./Fischer 
teaches wherein the message to the on-line service is sent via e-mail (see paragraph 
0025 of Fischer). 

Claims 8 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Allen et al. (USPGPUB ( 629) in view of Wong et al. (USPN '364), and further in view of 
Konheim et al, (LLS. Patent No. 4,393,269). 

Regarding claim 8 , Allen et al./Wong et al. teaches all the limitations of claim 1, 
above. However, Allen et al./Wong et al. does not teach wherein the transaction 
authorization token is a one-way encryption of at least one of an identity of the user, a 
transaction type, and a data object for which the transaction is authorized. 

Konheim et al. teaches wherein the transaction authorization token is a one- 
way encryption of at least one of an identity of the user, a transaction type, and a data 
object for which the transaction is authorized (col. 23, lines 52-62). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine an one-way encryption of the identity to create the 
token, as taught by Konheim et al. , with the method of Allen et al./Wong et al. It would 
have been obvious for such modifications because the one-way encryption of the 
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identity provides a method for verifying both the content of the transaction and the 
parties involved (see abstract of Konheim et al.). 

Regarding claim 18 , Allen et al./Wong et al. teaches all the limitations of claims 1 
and 1 7, above. However, Allen et al./Wong et al. does not teach wherein said 
encrypting comprises issuing a temporary public key that is a one-way encryption 
function of an address to which the secure transaction is to be sent for encryption of the 
off-line transaction object. 

Konheim et al. teaches wherein said encrypting comprises issuing a temporary 
public key that is a one-way encryption function of an address to which the secure 
transaction is to be sent for encryption of the off-line transaction object (col. 23, lines 
52-62). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine using an one-way encryption function for encrypting 
the transaction object, as taught by Konheim et al. , with the method of Allen et al./Wong 
et al. It would have been obvious for such modifications because the one-way 
encryption of the identity provides a method for verifying both the content of the 
transaction and the parties involved (see abstract of Konheim et al.). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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